use of snowblossom.proto.SignedMessagePayload in project snowblossom by snowblossomcoin.
the class CertGen method generateSelfSignedCert.
/**
* @param key_pair Key pair to use to sign the cert inner signed message, the node key
* @param tls_wkp The temporary key to use just for this cert and TLS sessions
* @param spec Address for 'key_pair'
*/
public static X509Certificate generateSelfSignedCert(WalletKeyPair key_pair, WalletKeyPair tls_wkp, AddressSpec spec) throws Exception {
AddressSpecHash address_hash = AddressUtil.getHashForSpec(spec);
String address = AddressUtil.getAddressString(Globals.NODE_ADDRESS_STRING, address_hash);
byte[] encoded_pub = tls_wkp.getPublicKey().toByteArray();
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(encoded_pub));
String dn = String.format("CN=%s, O=Snowblossom", address);
X500Name issuer = new X500Name(dn);
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
Date notBefore = new Date(System.currentTimeMillis());
Date notAfter = new Date(System.currentTimeMillis() + 86400000L * 365L * 10L);
X500Name subject = issuer;
X509v3CertificateBuilder cert_builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
// System.out.println(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName);
ASN1ObjectIdentifier snow_claim_oid = new ASN1ObjectIdentifier("2.5.29.134");
// System.out.println(spec);
SignedMessagePayload payload = SignedMessagePayload.newBuilder().setTlsPublicKey(tls_wkp.getPublicKey()).build();
SignedMessage sm = MsgSigUtil.signMessage(spec, key_pair, payload);
byte[] sm_data = sm.toByteString().toByteArray();
cert_builder.addExtension(snow_claim_oid, true, sm_data);
String algorithm = "SHA256withRSA";
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(tls_wkp.getPrivateKey().toByteArray());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
// ContentSigner sigGen = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X509CertificateHolder certificateHolder = cert_builder.build(sigGen);
X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
return cert;
}
use of snowblossom.proto.SignedMessagePayload in project snowblossom by snowblossomcoin.
the class MsgSigUtil method validateSignedMessage.
public static SignedMessagePayload validateSignedMessage(SignedMessage sm, NetworkParams params) throws ValidationException {
try {
SignedMessagePayload payload = SignedMessagePayload.parseFrom(sm.getPayload());
ByteString signature = sm.getSignature();
AddressSpec claim = payload.getClaim();
if ((claim.getRequiredSigners() != 1) || (claim.getSigSpecsCount() != 1)) {
throw new ValidationException("Multisig not supported");
}
MessageDigest md = DigestUtil.getMD();
byte[] hash = md.digest(sm.getPayload().toByteArray());
SigSpec sig_spec = claim.getSigSpecs(0);
if (!SignatureUtil.checkSignature(sig_spec, ByteString.copyFrom(hash), signature)) {
throw new ValidationException("Signature match failure");
}
if (payload.getTimestamp() > params.getMaxClockSkewMs() + System.currentTimeMillis()) {
throw new ValidationException("Signed message too far into future");
}
return payload;
} catch (com.google.protobuf.InvalidProtocolBufferException e) {
throw new ValidationException(e);
}
}
use of snowblossom.proto.SignedMessagePayload in project snowblossom by snowblossomcoin.
the class MsgSigUtil method signMessage.
/**
* @param starting_payload should have of oneof z specified for the body.
*/
public static SignedMessage signMessage(AddressSpec claim, WalletKeyPair wkp, SignedMessagePayload starting_payload) throws ValidationException {
if ((claim.getRequiredSigners() != 1) || (claim.getSigSpecsCount() != 1)) {
throw new ValidationException("Multisig not supported");
}
SignedMessagePayload.Builder payload = SignedMessagePayload.newBuilder();
payload.mergeFrom(starting_payload);
payload.setTimestamp(System.currentTimeMillis());
payload.setClaim(claim);
ByteString payload_data = payload.build().toByteString();
SignedMessage.Builder signed = SignedMessage.newBuilder();
signed.setPayload(payload_data);
MessageDigest md = DigestUtil.getMD();
byte[] hash = md.digest(payload_data.toByteArray());
signed.setSignature(SignatureUtil.sign(wkp, ByteString.copyFrom(hash)));
return signed.build();
}
use of snowblossom.proto.SignedMessagePayload in project snowblossom by snowblossomcoin.
the class PeerUtil method isSane.
public static boolean isSane(PeerInfo a, NetworkParams params) {
if (a.toByteString().size() > 16000)
return false;
if (a.getHost().length() < 1)
return false;
if (a.getHost().length() > 255)
return false;
if (a.getPort() <= 0)
return false;
if (a.getPort() > 65535)
return false;
if (!HexUtil.getSafeString(a.getHost()).equals(a.getHost()))
return false;
if (!HexUtil.getSafeString(a.getVersion()).equals(a.getVersion()))
return false;
if (a.getNodeId().size() > Globals.MAX_NODE_ID_SIZE)
return false;
if (a.getLastChecked() > System.currentTimeMillis())
return false;
if (a.getLastPassed() > System.currentTimeMillis())
return false;
if (a.getLearned() > System.currentTimeMillis())
return false;
if (a.getNodeSnowAddress().size() > Globals.ADDRESS_SPEC_HASH_LEN)
return false;
if (a.getTrustnetAddress().size() > Globals.ADDRESS_SPEC_HASH_LEN)
return false;
for (int shard_id : a.getShardIdSetList()) {
if (shard_id < 0)
return false;
if (shard_id > params.getMaxShardId())
return false;
}
// If there is a claim of a trustnet, it must be signed
if (a.getTrustnetAddress().size() > 0) {
try {
SignedMessagePayload payload = MsgSigUtil.validateSignedMessage(a.getTrustnetSignedPeerInfo(), params);
PeerInfo b = payload.getPeerInfo();
AddressSpec claim = payload.getClaim();
AddressSpecHash signed_by = AddressUtil.getHashForSpec(claim);
if (!signed_by.equals(a.getTrustnetAddress()))
return false;
// At this point, the peer info has a signed version and it is signed by the claimed trustnet address
if (!a.getHost().equals(b.getHost()))
return false;
if (a.getPort() != b.getPort())
return false;
if (ByteStringComparator.compareStatic(a.getNodeId(), b.getNodeId()) != 0)
return false;
if (ByteStringComparator.compareStatic(a.getNodeSnowAddress(), b.getNodeSnowAddress()) != 0)
return false;
if (ByteStringComparator.compareStatic(a.getTrustnetAddress(), b.getTrustnetAddress()) != 0)
return false;
TreeSet<Integer> a_set = new TreeSet<Integer>();
a_set.addAll(a.getShardIdSetList());
TreeSet<Integer> b_set = new TreeSet<Integer>();
b_set.addAll(b.getShardIdSetList());
if (!a_set.equals(b_set))
return false;
} catch (ValidationException e) {
return false;
}
}
return true;
}
Aggregations